On Fri, 27 Jun 2025 19:39:06 GMT, Sebastian Stenzel <[email protected]> wrote:

> Hi Sebastian, the API you suggested is only the KEM step, and it should be 
> made internal inside HPKE.
> 
> At the end of the day, HPKE is still a cipher. I understand the key 
> encapsulation message (aka, KEM ciphertext) is different from a traditional 
> IV, but they share some key characteristics: 1) generated by the sender after 
> initialization, 2) cryptographically random, 3) then made public, 4) has 
> critical impact on encryption result.

To avoid some of this potential confusion, I think it could help to expand on 
the description of `Cipher.getIV()` to describe this new use case for IV, 
something like changing this sentence:

"This is useful in the case where a random IV was created, or in the context of 
password-based encryption or decryption, where the IV is derived from a 
user-supplied password."

to:

"This is useful in the case where a random IV was created, or in the context of 
password-based encryption or decryption, where the IV is derived from a 
user-supplied password, or in the case of HPKE (Hybrid Public Key Encryption), 
where the IV contains the encapsulation of the KEM shared secret."

-------------

PR Comment: https://git.openjdk.org/jdk/pull/18411#issuecomment-3229573848